Description
SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Arnold Grossmann · textremotemultiple
https://www.exploit-db.com/exploits/27887
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015702
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25003
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/19085
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18006
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/426449/100/0/threaded
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0810
Scores
EPSS
0.0585
EPSS Percentile
90.6%
Details
CWE
CWE-94
Status
published
Products (3)
sap/sap_web_application_server
6.10
sap/sap_web_application_server
6.20
sap/sap_web_application_server
6.40
Published
Mar 07, 2006
Tracked Since
Feb 18, 2026